Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

hive desc table throw SemanticException [Error 10072]: Database does not exist: xxx (state=42000,code=10072)

Labels:
avatar
author-rank holmesin
New Contributor

Created on ‎10-14-2019 07:46 PM - last edited on ‎10-14-2019 10:32 PM by Moderator

In ranger, I have already gave the select permission of certain hive table, and read, execute permission on hdfs path of the table. To make a example:

set read, execute permission on path /apps/hive/warehouse/testdb.db/table1 to account

set select permission on hive table 'table1' on all columns to account

 

When I do the command:

"show tables in testdb.db;" or "desc testdb.table1"

I get the Error from hive client:

Error: Error while compiling statement: FAILED: SemanticException [Error 10072]: Database does not exist: dwd (state=42000,code=10072)

 

 

When I check the 'hivemetastore.log', it shows the query requires the read permission on path '/apps/hive/warehouse/testdb.db'

 

org.apache.hadoop.ipc.RemoteException(org.apache.ranger.authorization.hadoop.exceptions.RangerAccessControlException): Permission denied: user=xxx, access=READ, inode="/apps/hive/warehouse/testdb.db"

 

The problem is, I only want to grant the permission of the table to this account. From my experience I don't need such database path permission to use 'desc' command on the table. What could be the problem?

 

2,577 Views
0 Kudos
4 REPLIES 4

avatar
author-rank Manojkr
Explorer

Created ‎10-15-2019 02:00 AM

Can you check in ranger audit if it blocked and ranger or HDFS ACL ?

2,560 Views
0 Kudos

avatar
author-rank holmesin
New Contributor

Created ‎10-15-2019 02:08 AM

thanks for your reply, the enforcer is ranger-acl. 

2,557 Views
0 Kudos

avatar
author-rank Manojkr
Explorer

Created ‎10-15-2019 02:12 AM

it means permissions not applied. can you grant again and check rangeradmin log for any error ? 

2,554 Views
0 Kudos

avatar
author-rank holmesin
New Contributor

Created ‎10-15-2019 02:21 AM

I think the ranger action should be right, since it denies at the path '/apps/hive/warehouse/testdb.db', I only granted the user hdfs permission to the table path '/apps/hive/warehouse/testdb.db/table1'. I don't understand why it need the read permission to the database directory to do a desc on a table. Since with my ranger setting, I can do select on the table with no problem. It's just that I cannot do "desc" command on this table.
2,549 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements